Fedora Essential and Critical Security Patch Updates - Page 839
Find the information you need for your favorite open source distribution .
Fedora Core 4 Update: kdegraphics-3.5.1-0.2.fc4
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code. Users impacted by these issues, should update to this new package release.
Fedora Core 4 Update: poppler-0.4.5-1.1
Heap-based buffer overflow in Splash.cc in poppler, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
Fedora Core 4 Update: xpdf-3.01-0.FC4.8
xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code. Users impacted by these issues, should update to this new package release.
Fedora Core 4 Update: kernel-2.6.15-1.1831_FC4
This update fixes a remotely exploitable denial of service attack in the icmp networking code (CVE-2006-0454). An information leak has also been fixed (CVE-2006-0095), and some debugging patches that had accidentally been left applied in the previous update have been removed, restoring the functionality of the 'quiet' argument.
Fedora Core 4 Update: unzip-5.51-13.fc4
This update fixes several vulnerabilities in the unzip utility.
Fedora Core 4 Update: audit-1.0.13-1.fc4
This release backports some bugfixes and enhancements from the current devel branch.
Fedora Core 4 Update: firefox-1.0.7-1.2.fc4
Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Firefox could crash or execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue. moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Firefox to execute arbitrary JavaScript when a user runs Firefox. (CVE-2006-0296) A denial of service bug was found in the way Firefox saves history information. If a user visits a web page with a very long title, it is possible Firefox will crash or take a very long time to start the next time it is run. (CVE-2005-4134)
Fedora Core 4 Update: mozilla-1.7.12-1.5.2
Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Igor Bukanov discovered a bug in the way Mozilla's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Mozilla could crash or execute arbitrary code as the user running Mozilla. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue. moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Mozilla to execute arbitrary JavaScript when a user runs Mozilla. (CVE-2006-0296) A denial of service bug was found in the way Mozilla saves history information. If a user visits a web page with a very long title, it is possible Mozilla will crash or take a very long time to start the next time it is run. (CVE-2005-4134)
Fedora Core 4 Update: cups-1.1.23-15.3
This update fixes the pdftops filter's handling of some incorrectly-formed PDF files. Issues fixed are CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627.
Fedora Core 3 Update: cups-1.1.22-0.rc1.8.9
This update fixes the pdftops filter's handling of some incorrectly-formed PDF files. Issues fixed are CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627.
Fedora Core 4 Update: kernel-2.6.14-1.1656_FC4
This update fixes several low-priority security problems that were discovered during the development of 2.6.15, and backported. Notably, CVE-2005-4605.
Fedora Core 3 Update: mod_auth_pgsql-2.0.1-6.2
Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3656 to this issue. Please note that this issue only affects servers which have mod_auth_pgsql installed and configured to perform user authentication against a PostgreSQL database. Red Hat would like to thank iDefense for reporting this issue.
Fedora Core 4 Update: mod_auth_pgsql-2.0.1-8.1
Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3656 to this issue. Please note that this issue only affects servers which have mod_auth_pgsql installed and configured to perform user authentication against a PostgreSQL database. Red Hat would like to thank iDefense for reporting this issue.
Fedora Core 3 Update: gpdf-2.8.2-7.2
Chris Evans discovered several flaws in the way CUPS processes PDF files. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.
Fedora Core 4 Update: poppler-0.4.4-1.1
Chris Evans discovered several flaws in the way poppler processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.
Fedora Core 4 Update: xpdf-3.01-0.FC4.6
Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-3193 to these issues. Users of xpdf should upgrade to this updated package, which contains a patch to resolve these issues.
